Secure Traveling- St. Joseph Health System Journey to the Cloud
Diane Tyo, Manager Technical Systems, St. Joseph Health System

Feisal Nanji, Interim Chief Security Officer, St. Joseph Health System, and Exec. Director Techumen LLC
Session Objectives
• Describe the St. Joseph Health System
• Illustrate why we embarked on this journey
• Summarize the St. Joseph Health System journey
  to the cloud
• Review key challenges overcome
• Outline security issues that we will face

       DISCLAIMER: The views and opinions expressed in this presentation are those of the
           author and do not necessarily represent official policy or position of HIMSS.
St. Joseph Health System Profile
• Established in 1982, St. Joseph Health System (SJHS) is a
  not-for-profit, integrated Catholic health care delivery
  system that is sponsored by the St. Joseph Health Ministry

• 14 acute care hospital system based in Orange, California
  and organized into three regions – Northern California,
  Southern California and West Texas/Eastern New Mexico.

• 3,769 beds

• 24,000+ employees
SJHS Infrastructure
• 2 main data centers
  – Anaheim, CA
  – Lubbock, TX
• 10 local ministry server rooms
  – Southern CA
  – Northern CA
  – Eureka
  – Texas



Why and how we started
• Reduce costs
  – Hardware
  – Maintenance
  – Power
  – HVAC
  – Floor Space
• Physical server count before VMware
  – CA     1,325
  – TX       343
• Zero virtual servers

Where we are today
St. Joseph Health System Server Environment

             SoCal               NoCal               HUM                 Texas
             VM   Phy  % of VM   VM   Phy  % of VM   VM   Phy  % of VM   VM   Phy  % of VM
September    703  845  45%       169  231  42%       65   64   50%       357  302  54%
October      822  828  50%       173  221  44%       66   58   53%       373  298  56%
November     738  676  52%       174  142  55%       72   62   54%       411  194  68%
December     798  651  55%       174  138  56%       72   56   56%       431  168  72%

Enterprise average % of VM: 59%




 • Physical servers = 1,013
 • Virtual servers = 1,475



Key challenges we faced
• Storage costs
• Enterprise backup
• Change thinking of application owners
• Proving a successful, user non-impacting P2V
  process
• Determining what could be virtualized



Lessons learned along the way
• Associate a value to virtual servers
• Create an SLA for creation or P2V
• Changing the thinking of management
   – Costs
   – Backups
   – Maintenance


How far can we go?
• 85% virtual environment in 2012 is our goal
• Replication of VM environments across data
  centers
• “Bare Metal” Restores




Where do we want to go:
• Genuine hybrid cloud based environment:
  – Computing capability on demand
  – Resource pooling – storage, CPU
  – Rapid deployment and scaling of IT services
  – Easy measurement of what’s been used
  – Self service provisioning by business users



Challenges we will face
• Standardize commonly repeated operating
  procedures
• Fully automated deployment and management
• Self-service provisioning for users of certain services
• Network redundancy
• Data center moves/expansion
• Security and privacy
• Getting business areas/customers/separate
  hospitals ready to share the same infrastructure
  (business process challenges)
Business Process Challenges - Preventing Virtual Sprawl

• Developing relationship maps as a broad and deep,
  fine-grained view of what exists in our virtualized
  environment.

• Need to explore configuration items (CIs) from layer
  2 through layer 7 of the Open Systems
  Interconnection (OSI) model.


Detailed map contains device and application-specific information:
• Databases, including their components such as
  tablespaces and users
• J2EE or .NET components and their interdependencies
• Web servers such as IIS and Apache
• Windows, UNIX, Linux, and other platforms
• Servers and server resources: CPUs, memory, and
  network interfaces
• Routers, switches, load balancers, switch ports, virtual
  local area networks (VLANs), and firewalls
• Storage elements like arrays, logical disks, and storage
  area network (SAN) interconnectivity
Security concerns of the cloud
•   Where is the data?
•   Who can see the data?
•   Who has seen the data?
•   Has data been tampered with?
•   Where is the processing performed?
•   How is the processing configured?
•   Does backup happen? How? Where?

Key Security Technical Concerns
• Auditing and monitoring tools
• Enterprise security policies will need to match logical
  and not physical attributes
• Network access control and Intrusion prevention
• Application security
• Identity Management (both people and Web
  services)
• Rootkit detection and Virtual Machine threats
  (emerging area)
Virtual Machine Threats
• Hyper-jacking: Attacks targeted at subverting or layering a rogue
  hypervisor on a virtual server

• VM Escape: An exploit that enables a hacker to move from within a
  VM to the hypervisor

• VM Hopping: An instance in which one VM is able to gain access to
  another VM

• VM Theft: Unauthorized acquisition of a file containing a VM

• VM Sprawl: The proliferation of virtualized server workloads
Summary
• Long and winding road
• Security and privacy vital, different and
  continuously changing
• Business Process challenges are not to be
  underestimated



Secure Traveling-
St. Joseph Health System Journey to the Cloud

• Diane Tyo, SJHS Manager Infrastructure -- Diane.Tyo@stjoe.Org

• Feisal Nanji, Interim Chief Security Officer, SJHS, and Exec. Director
  Techumen LLC -- Feisal.Nanji@stjoe.org or Feisal@techumen.com



